you advise to do it in sys-vpn or in template minimal? sorry im noobie. thank you
In the template of course
I planned to write a small how to use a minimal template in addition to the guide, but this requires more work and people already struggle with setting up the qube for a VPN. Maybe in the future when I have some time to ensure the instructions would work fine, I’d write one based on Debian 13 once it’s released so it will work for a long time.
2 Likes
Great, thank so much, thats nice if you can put instructions for minimal too!
Last question, to avoid to touch fedora-41-minimal original template, is it better to clone it and work there? lets say that will be fedora-41-minimal-vpn?
thank you again
Best regards
Hi Guys, @solene @barto
i did it i’m stuck after command " nmcli connection import type wireguard file XXXX.conf".
command was successful, and if i do command “nmcli connection show” i see correctly the name, UUID, type and device, but i don’t see the notification about “connection established”. i’m using wifi, should also work? can you help me to tbs?
Is it normal that from “nmcli connection show” i can see only eth0, vpn and lo? i don’t see wireless card (wls7)? that strange because i’m connected with… do you know how i can fix it?
the wg connection it seems OK but if i do command “sudo show wg” i see also handshake.
I don’t know if matters but i use a disposable template sys-net. you?
thanks so much
Always work on clones
1 Like
If the Wireguard connection has a “Device” entry, it is active. Not sure what you mean by “the notification about the connection established”. Do you mean “the network icon on the panel”?
The Wifi device is in sys-net (red Network Manager indicator on the panel). Your sys-vpn should show another Network Manager icon, in the color you chose for the qube, containing only the interfaces you mentioned.
Yes i meant “the network icon on the panel”.
Unfortunatly i have only wifi icon like before no more.
do you have some idea why the new one don’t appear?
how can i check?
thank you
I don’t know… did you enable the Network Manager service in sys-vpn?
yes i did. to double check if i do command NetworkManager --version i can see it
I meant running in dom0:
qvm-features $SYS-VPN service.network-manager 1
where $SYS-VPN is the actual name of your sys-vpn… (and you have to restart sys-vpn afterwards).
i did it from sys-vpn settings GUI, tab service, added it and reboot, like in the guide. is it ok too?
Yes, should be enough. I don’t have any other ideas.
OK thank you anyway, lets wait @solene if she has some.
Just to take this out of the way, did you restart your system lately? MSWindows-style 
ahah yes i did.
@solene @barto found the issue but don’t know how to fix it. if i change template from sys-vpn from fedora-41-minimal to fedora-41-xfce it work!! so i think there are some package and/or config that miss in minimal. can you help me to find which? thank you
I rarely use minimal templates because of this, I can’t really help you here.
Maybe check the system logs with journalctl to see if something looks wrong 
1 Like
As @solene said, it’s hard to debug. I use debian minimal, where only “qubes-core-agent-networking” and “qubes-core-agent-network-manager” are needed to get the Network Manager icon appear, and wireguard* to get wireguard.
2 Likes
At some point, network manager is only here for convenience and the GUI approach.
For a minimal system, wireguard-tools only could be used to establish the VPN tunnel from /rw/config/rc.local.
1 Like
thanks guys, i will try to debug and let you know if i will solve with minimal template, in the middle time i will stay with fedora 41 xfce.
I have a doubt…i imported 5 wireguard profile with command nmcli so i see all of them FLAGGED in GUI. What does it mean as you know? all of them are using in the same time? or its a “estetic bug” and only 1 (which priority) is use?
thank you